<?php
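session_start();

// Page identifier, set before the shared header is included.
// NOTE(review): presumably read by inc_header.php to mark the active page; confirm there.
$currPage = "post";
include("inc_header.php");

/* TODO: make dynamic dependant on user and update the insert statement */

// Design notes carried over from the original author:
//   - check to make sure somebody is logged in
//   - if a registered user is logged in, display vehicle for sale announcements
//   - if a dealer is logged in, display vehicle for sale
//   - seller can edit and remove the announcements they have posted
//
// What this page does: on a plain request it renders the "new announcement" form;
// when the form is submitted it validates the fields and the uploaded photo, stores
// the photo under upload/ and inserts one row into VehicleForSale.

// Read the session defensively: an anonymous visitor has neither key set.
$sessionUser = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$sessionType = isset($_SESSION['usertype']) ? $_SESSION['usertype'] : '';

if ($sessionUser === '')
{
	// The insert below records $_SESSION['username'] as the owner of the announcement,
	// so neither the form nor the handler is offered without a logged-in user.
	echo "<i>You must be logged in to post an announcement.</i>";
}
else if ($sessionType == 'admin')
{
	// Checked before both branches, so an admin cannot bypass the rule by POSTing directly.
	echo "<i>Whooops! You're an admin. You can't be posting announcements! Get back to work!</i>";
}
else if (!isset($_POST['submit']))
{
	// NOTE(security): this form changes state for the logged-in user and carries no
	// anti-CSRF token; add a per-session token as a hidden field and compare it on submit.
?>
	<div id="content">
		<h2><a href="#">Post New Announcement</a></h2>
		Fill out the form to make a new vehicle announcement.
		
	 	<br /><br /><br />
		<div class="clearfix">
		<form method="post" action="postAnnouncement.php" enctype="multipart/form-data">
		<table>
			<tr>
			<td>Make:</td>
			<td><input type="text" value="" name="make" id="make" size="40" /></td>
			</tr>

			<tr>
			<td>Model:</td>
			<td><input type="text" value="" name="model" id="model" size="40" /></td>
			</tr>

			<tr>
			<td>Year:</td>
			<td>
				<select name="year" id="year">
					<option value=''></option>
					<?php
						// Calendar year ("Y"); the ISO week-numbering year ("o") can differ
						// from it in the days around New Year.
						for ($i = (int)date("Y"); $i >= 1908; $i--)
						{
							echo "<option value='$i'>$i</option>";
						}
					?>
				</select>
			</td>
			</tr>

			<tr>
			<td>Price:</td>
			<td><input type="text" value="" name="price" id="price" size="40" /></td>
			</tr>

			<tr>
			<td>Mileage:</td>
			<td><input type="text" value="" name="mileage" id="mileage" size="40" /></td>
			</tr>

			<tr>
			<td>Exterior Color:</td>
			<td><input type="text" value="" name="color" id="color" size="40" /></td>
			</tr>

			<tr>
			<td>Engine:</td>
			<td><input type="text" value="" name="engine" id="engine" size="40" /></td>
			</tr>

			<tr>
			<td>Drive Type:</td>
			<td><input type="text" value="" name="driveType" id="driveType" size="40" /></td>
			</tr>

			<tr>
			<td>Number of Doors:</td>
			<td><input type="text" value="" name="doorNum" id="doorNum" size="40" /></td>
			</tr>

			<tr>
			<td>Vehicle ID Number:</td>
			<td><input type="text" value="" name="vin" id="vin" size="40" /></td>
			</tr>

			<tr>
			<td>Photo:</td>
			<td><input type="file" name="pic" id="pic" size="30" /> ** file must be in .jpg format
			</td>
			</tr>
			
			<tr>
			<td>Description:</td>
			<td><textarea name="desc" id="desc" rows="5" cols="30"></textarea></td>
			</tr>

			<tr>
			<td>&nbsp;</td>
			<td><input type="submit" value="Submit" name="submit" id="submit" /></td>
			</tr>
		</table>
		</form>
		</div>
	</div>
<?php
}
else // form has been submitted
{
	// ---- 1. Collect the text fields -------------------------------------------------
	// Anything that is missing or not a plain string (e.g. "make[]=x") becomes ''.
	$input = array();
	foreach (array('make', 'model', 'year', 'price', 'mileage', 'color', 'engine', 'driveType', 'doorNum', 'vin', 'desc') as $field)
	{
		$input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
	}

	$make = $input['make'];
	$model = $input['model'];
	$color = $input['color'];
	$engine = $input['engine'];
	$driveType = $input['driveType'];
	$desc = $input['desc'];

	// Price: drop a leading/trailing "$" and keep only the whole-dollar part.
	// (The original assigned the trimmed value to a misspelled variable, so "$100" became 0.)
	$priceParts = explode(".", trim(trim($input['price']), "$"));
	$priceText = $priceParts[0];

	// ---- 2. Validate the numeric fields BEFORE casting -----------------------------
	// is_int() after an (int) cast is always true, so the check has to run on the text.
	$numericText = array(
		'year' => trim($input['year']),
		'price' => $priceText,
		'mileage' => trim($input['mileage']),
		'doorNum' => trim($input['doorNum']),
	);
	foreach ($numericText as $text)
	{
		// At most 9 digits so the value also fits a 32-bit PHP integer.
		if (!preg_match('/\A[0-9]{1,9}\z/', $text))
		{
			die("Error: Incorrect format");
		}
	}

	// NOTE(review): the original stored the VIN as a bare number although real VINs are
	// 17-character alphanumeric strings; confirm the column type before relaxing this.
	// It is kept digits-only here and bound as a string so long values are not truncated.
	$vin = trim($input['vin']);
	if (!preg_match('/\A[0-9]{1,17}\z/', $vin))
	{
		die("Error: Incorrect format");
	}

	$year = (int)$numericText['year'];
	$price = (int)$numericText['price'];
	$mileage = (int)$numericText['mileage'];
	$doorNum = (int)$numericText['doorNum'];

	// Same range the form's year list offers.
	if ($year < 1908 || $year > (int)date("Y"))
	{
		die("Error: Incorrect format");
	}

	// ---- 3. Validate the uploaded photo ---------------------------------------------
	if (!isset($_FILES['pic']['error']) || is_array($_FILES['pic']['error']))
	{
		die("Error: Got to be a jpeg file!");
	}
	// Check the upload status first: on a failed upload the other entries are empty.
	if ($_FILES["pic"]["error"] > 0)
	{
		die("Error: " . (int)$_FILES["pic"]["error"] . "<br />");
	}

	$pic_temp = $_FILES['pic']['tmp_name'];

	// $_FILES['pic']['type'] and ['name'] are supplied by the client and prove nothing
	// about the content, so the file itself is inspected instead.
	$imageInfo = is_uploaded_file($pic_temp) ? getimagesize($pic_temp) : false;
	if ($imageInfo === false || $imageInfo[2] !== IMAGETYPE_JPEG)
	{
		die("Error: Got to be a jpeg file!");
	}

	// Store under a server-generated name with a fixed extension. Keeping the client's
	// file name would let an upload land in the web root with an executable extension
	// or overwrite another seller's photo. A JPEG header does not rule out extra data
	// after the image, so upload/ should also be configured to never run scripts.
	$pic = str_replace('.', '', uniqid('veh', true)) . '.jpg';
	$target_path = "upload/" . $pic;

	// ---- 4. Connect to the database ------------------------------------------------
	// NOTE(security): these credentials are committed with the source, so anyone who can
	// read this file can reach the database. Move them to configuration outside the web
	// root and rotate the password.
	$hostname="mysql-user.cse.msu.edu"; // Host name
	$username="hewittry"; // Mysql username
	$password="A39777266"; // Mysql password
	$database="hewittry"; // Database name
	$mysqli = new mysqli($hostname, $username, $password, $database);
	if ($mysqli->connect_error) {
		// Details go to the server log; the visitor only sees a generic message.
		error_log('postAnnouncement: database connection failed: (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);
		die('Error: Database connection problem.');
	}

	// ---- 5. Store the photo, then the row --------------------------------------------
	// The file is moved first so that a row never points at a photo that was not saved.
	if (!move_uploaded_file($pic_temp, $target_path))
	{
		error_log('postAnnouncement: could not move uploaded photo to ' . $target_path);
		die("Error: could not store the uploaded photo.");
	}

	// Every value is bound as a parameter. The original concatenated the session user
	// name and the client's file name into the SQL text without escaping.
	$query = "INSERT INTO VehicleForSale (NonAdmins_AllUsers_LogonID, Make, Model, VehicleYear, Price, Mileage, ExteriorColor, Engine, ";
	$query .= "DriverType, NoDoors, VIN, Photo, Description, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

	$postedAt = time();
	$inserted = false;
	$stmt = $mysqli->prepare($query);
	if ($stmt)
	{
		$stmt->bind_param(
			'sssiiisssisssi',
			$sessionUser, $make, $model, $year, $price, $mileage, $color,
			$engine, $driveType, $doorNum, $vin, $pic, $desc, $postedAt
		);
		$inserted = $stmt->execute();
	}

	if (!$inserted)
	{
		// Log the driver error server-side; echoing it (and the SQL) to the browser
		// discloses schema details.
		error_log('postAnnouncement: insert failed: ' . ($stmt ? $stmt->error : $mysqli->error));
		if ($stmt)
		{
			$stmt->close();
		}
		// Do not leave an orphaned photo behind.
		if (is_file($target_path))
		{
			unlink($target_path);
		}
		die("Error: query error.");
	}
	$stmt->close();

	?>
	
	<p>Your announcement has been posted! To add more, <a href="postAnnouncement.php"> post another announcement</a>.</p>
	
	<p>For updates on your postings, click '<a href="manageAccount.php">Manage Account</a>' above.</p>

	<?php
	$mysqli->close();

}
include("inc_footer.php"); ?>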
